CVE-2010-3858

The setup_arg_pages function in fs/exec.c in the Linux kernel before2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict thestack memory consumption of the (1) arguments and (2) environment for a32-bit application on a 64-bit platform, which allows local users to causea denial of service (system crash) via a crafted exec system call, arelated issue to CVE-2010-2240.

Ubuntu-Description

Brad Spengler discovered that stack memory for new a process was notcorrectly calculated. A local attacker could exploit this to crash thesystem, leading to a denial of service.